Malicious

1bfd2f3590fb00301952cc3162c72370

PE Executable | MD5: 1bfd2f3590fb00301952cc3162c72370 | Size: 15.15 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash

MD5: 1bfd2f3590fb00301952cc3162c72370
SHA1: ef475832e20860dd692d044758f323486a362484
SHA256: 272b3cd90243295da28936b5fd521480c8adfa9aefb30ddca5ecbff6c454ba2d
SHA384: 74582036e3d0764e79d0346f1c613dbb49ab78876d85dadcb800b5bee95b97218f83fba58d6085ac94dbfc7fc00aa8db
SHA512: da02ccd91201c4983cb095bd1be9d5593c65642dcc9b87a43eb1fa1aad2c16b127c6c4bb202995672e380171eb3eee3ecc397cb189327afc19db74a0385f46cb
SSDeep: 98304:h9F/h26spdQ2R7VAwWVn8UQjtUEyViciZ74Vl8IQ7d1HNgrs75hWdQXMF6Ji:jF/bspSvn8UItsViciZyOnK+vWdQy6J
TLSH: 54E6B583EADB9EA1C6062FF6C657A110C311D281B773E70E255B62272B12BBE57453C3

PeID

HQR data file
Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0 DLL
Microsoft WAV Audio file

These are byte-signature matches only. The assembly metadata further down (Runtime Version v4.0.30319, Target Framework .NETFramework,Version=v4.7.2, a managed entry point) shows the file is a .NET executable, so the Visual C++ and media-file matches are signature noise on the native entry stub, not evidence of a native build.
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
4d6bybkIcCXdspR1nd.MKuf73YarxeF1Qed0d
01OyCE99giS1w24wTd.rmlSUZZSIdckkPMYbK
7v9ZgnPPMWCdIyX0UF.S3OciMN3jP67Ubyfvg
xyRSkjKgD4UjqQCHwv.HERAoDFO6nfHLAlhtg
du8QtWPvvGh1uRRGwmiY.KmLBkyPvy4x2rby7tJX1.resources
System.Data.SQLite.SR.resources
System.Data.SQLite.Resources.SQLiteCommand.bmp
System.Data.SQLite.Resources.SQLiteConnection.bmp
7kB8av3dJXmbRG6XAA.3ZZwwa1ByKpRGQiE2w
System.Data.SQLite.Resources.SQLiteDataAdapter.bmp
Microsoft OneDrive.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Updater.Properties.Resources.resources
Information

Info: PE Detect: PeReader OK (file layout)
Info: PDB Path: Microsoft OneDrive.pdb
Module Name: Microsoft OneDrive.exe
Full Name: Microsoft OneDrive.exe
EntryPoint: System.Void seKA2ytaEYMmFylyos.JAT9ksnYhlqONqBY6S::mPB5qONIc(System.String[])
Scope Name: Microsoft OneDrive.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Microsoft OneDrive
Assembly Version: 53.22.54.12
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.7.2
Total Strings: 48
Main Method: System.Void seKA2ytaEYMmFylyos.JAT9ksnYhlqONqBY6S::mPB5qONIc(System.String[])
Main IL Instruction Count: 90

The module, assembly and PDB names all claim Microsoft OneDrive, yet the assembly carries no public key (Has PublicKey: False, so it is not strong-named) and its entry point lives in a renamed namespace (seKA2ytaEYMmFylyos.JAT9ksnYhlqONqBY6S::mPB5qONIc), which matches the "Very high" symbol obfuscation score above. A product name in metadata is free-form text and proves nothing about origin.
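The PeID matches earlier on this page and the .NET metadata fields here disagree about what kind of binary this is. The following Python, added here as an example and not part of the analysis platform or of the sample, settles the question the way a .NET-aware loader does: it walks the PE headers to data directory 14 (the CLR runtime header) and reads the version string from the metadata root, which is where the "Runtime Version: v4.0.30319" value comes from. The `build_sample` helper constructs a minimal PE32+ image inline so the code runs offline; the layout of that constructed image (one .text section at RVA 0x2000, CLR header version 2.5, entry point token 0x06000001) is an assumption for the demonstration and is not taken from this sample.

```python
"""Decide whether a PE is a managed (.NET) image by reading the CLR runtime
header (data directory 14) and the metadata root, instead of trusting
PeID-style byte signatures matched at the native entry point."""
import struct

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14
COMIMAGE_FLAGS_ILONLY = 0x1
METADATA_SIGNATURE = 0x424A5342          # "BSJB"


def _rva_to_offset(rva, sections):
    """Map a virtual address to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} not in any section")


def dotnet_info(data):
    """Return CLR facts for a managed image, or None for a native PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                     # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                                   # PE32+ (the "x64" optional header)
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        return None
    clr_rva, clr_size = struct.unpack_from(
        "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    if clr_rva == 0 or clr_size == 0:
        return None                                        # no CLR header: native image
    sec_tab = opt + opt_size
    sections = []
    for i in range(nsections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_tab + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    clr = _rva_to_offset(clr_rva, sections)
    # IMAGE_COR20_HEADER: cb, MajorRuntimeVersion, MinorRuntimeVersion,
    # MetaData.VirtualAddress, MetaData.Size, Flags, EntryPointToken
    _, major, minor, md_rva, _, flags, ep_token = struct.unpack_from("<IHHIIII", data, clr)
    md = _rva_to_offset(md_rva, sections)
    sig, _, _, _, vlen = struct.unpack_from("<IHHII", data, md)
    if sig != METADATA_SIGNATURE:
        raise ValueError("metadata root signature 'BSJB' missing")
    version = data[md + 16: md + 16 + vlen].split(b"\0", 1)[0].decode("ascii")
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "clr_header_version": f"{major}.{minor}",
        "runtime_version": version,
        "il_only": bool(flags & COMIMAGE_FLAGS_ILONLY),
        "entry_point_token": ep_token,
    }


def build_sample(managed=True):
    """Constructed minimal PE32+ image for the demo (assumed layout, not the real sample)."""
    text_rva, text_raw = 0x2000, 0x200
    clr_hdr = struct.pack("<IHHIIII", 72, 2, 5, text_rva + 72, 0x1C,
                          COMIMAGE_FLAGS_ILONLY, 0x06000001) + b"\0" * 48
    metadata = struct.pack("<IHHII", METADATA_SIGNATURE, 1, 1, 0, 12) + b"v4.0.30319\0\0"
    text = clr_hdr + metadata
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                                  # only the fields the parser needs
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                  # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, text_rva, 72)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(text), text_rva, 0x200, text_raw,
                                         0, 0, 0, 0, 0x60000020)
    image = dos + coff + bytes(opt) + sect
    image += b"\0" * (text_raw - len(image))
    image += text + b"\0" * (0x200 - len(text))
    return bytes(image)


if __name__ == "__main__":
    print(dotnet_info(build_sample()))
```

For a real file, call `dotnet_info(open(path, "rb").read())`; for the sample on this page the report's own fields say the result would be runtime_version "v4.0.30319" with pe32plus True. A signature match on the few native bytes at the entry point says nothing about that.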

Main IL

One instruction per line with its IL offset; <Module> stands for <Module>{8f7bf35e-738f-4239-b831-954b1edf1dfe}.

IL_0000: br.s IL_0007
IL_0002: call <null>
IL_0007: ldc.i4 1
IL_000C: stloc V_0
IL_0010: br IL_0015
IL_0015: ldloc V_0
IL_0019: switch(IL_005E,IL_002F,IL_005D)
IL_002A: br IL_005E
IL_002F: ldc.i4 5000
IL_0034: ldsfld R8vqaS9A1kPlVi8V0qKV R8vqaS9A1kPlVi8V0qKV::mfP9AdKVWan
IL_0039: call System.Void R8vqaS9A1kPlVi8V0qKV::A1K9WWnRVDE(System.Int32,R8vqaS9A1kPlVi8V0qKV)
IL_003E: ldc.i4 0
IL_0043: ldsfld <Module> <Module>::m_a953983585bf48719b05a7a01556e86b
IL_0048: ldfld System.Int32 <Module>::m_edf76f92ac7c43e1a97e50fb658370ab
IL_004D: brfalse IL_0019
IL_0052: pop
IL_0053: ldc.i4 0
IL_0058: br IL_0019
IL_005D: ret
IL_005E: nop
IL_005F: ldsfld omT8709AQ9J3F9lAjuE8 omT8709AQ9J3F9lAjuE8::s3I9APVlmgb
IL_0064: call System.Void omT8709AQ9J3F9lAjuE8::A1K9WWnRVDE(omT8709AQ9J3F9lAjuE8)
IL_0069: ldc.i4 2
IL_006E: ldsfld <Module> <Module>::m_a953983585bf48719b05a7a01556e86b
IL_0073: ldfld System.Int32 <Module>::m_515a7bcbd7d544e7b04ad49b9f9e3ace
IL_0078: brtrue IL_008C
IL_007D: pop
IL_007E: ldc.i4 1
IL_0083: br IL_008C
IL_0088: ldloc V_1
IL_008C: switch(IL_00EA,IL_015A,IL_0127,IL_00D6,IL_0116,IL_00B2,IL_0140)
IL_00AD: br IL_00EA
IL_00B2: br IL_015A
IL_00B7: ldc.i4 0
IL_00BC: ldsfld <Module> <Module>::m_a953983585bf48719b05a7a01556e86b
IL_00C1: ldfld System.Int32 <Module>::m_426c309bd88b481698c50290ce3e209c
IL_00C6: brtrue IL_008C
IL_00CB: pop
IL_00CC: ldc.i4 0
IL_00D1: br IL_008C
IL_00D6: ldsfld q9QWEX9ANXPVD8B0PZoc q9QWEX9ANXPVD8B0PZoc::nJV9A93VUbs
IL_00DB: call System.Void q9QWEX9ANXPVD8B0PZoc::A1K9WWnRVDE(q9QWEX9ANXPVD8B0PZoc)
IL_00E0: ldc.i4 6
IL_00E5: br IL_008C
IL_00EA: ldloc.s V_3
IL_00EC: ldsfld umRWoS9AYvLE6IOdNnux umRWoS9AYvLE6IOdNnux::VUl9AKQvwG0
IL_00F1: call System.Object umRWoS9AYvLE6IOdNnux::A1K9WWnRVDE(System.Byte[],umRWoS9AYvLE6IOdNnux)
IL_00F6: pop
IL_00F7: ldc.i4 1
IL_00FC: ldsfld <Module> <Module>::m_a953983585bf48719b05a7a01556e86b
IL_0101: ldfld System.Int32 <Module>::m_14b07d47cb1642b7850300ea67e8c989
IL_0106: brtrue IL_008C
IL_010B: pop
IL_010C: ldc.i4 0
IL_0111: br IL_008C
IL_0116: ldloc.s V_3
IL_0118: brtrue IL_00EA
IL_011D: ldc.i4 5
IL_0122: br IL_008C
IL_0127: ldc.i4 1000
IL_012C: ldsfld R8vqaS9A1kPlVi8V0qKV R8vqaS9A1kPlVi8V0qKV::mfP9AdKVWan
IL_0131: call System.Void R8vqaS9A1kPlVi8V0qKV::A1K9WWnRVDE(System.Int32,R8vqaS9A1kPlVi8V0qKV)
IL_0136: ldc.i4 3
IL_013B: br IL_008C
IL_0140: ldsfld bqkLTq9AZbNdLtLMlqcs bqkLTq9AZbNdLtLMlqcs::jhj9AkDYsUo
IL_0145: call System.Byte[] bqkLTq9AZbNdLtLMlqcs::A1K9WWnRVDE(bqkLTq9AZbNdLtLMlqcs)
IL_014A: stloc.s V_3
IL_014C: ldc.i4 4
IL_0151: stloc V_1
IL_0155: br IL_0088
IL_015A: leave IL_005D
IL_015F: pop
IL_0160: ldc.i4 0
IL_0165: ldsfld <Module> <Module>::m_a953983585bf48719b05a7a01556e86b
IL_016A: ldfld System.Int32 <Module>::m_adc6c867fa904f76888296fd6877c891
IL_016F: brtrue IL_0183
IL_0174: pop
IL_0175: ldc.i4 0
IL_017A: br IL_0183
IL_017F: ldloc V_2
IL_0183: switch(IL_0191)
IL_018C: br IL_0191
IL_0191: leave IL_005D
IL_0196: ldc.i4 1
IL_019B: ldsfld <Module> <Module>::m_a953983585bf48719b05a7a01556e86b
IL_01A0: ldfld System.Int32 <Module>::m_d5dae22da44b4da6a51bce835f0cc4c3
IL_01A5: brfalse IL_0019
IL_01AA: pop
IL_01AB: ldc.i4 2
IL_01B0: br IL_0019

Reading the listing: the method is control-flow flattened. V_0 selects a case of the outer dispatcher at IL_0019 and V_1 a case of the inner one at IL_008C; most blocks end by pushing the next state constant and branching straight back to a switch. The six ldfld System.Int32 reads of fields on the <Module> object loaded from m_a953983585bf48719b05a7a01556e86b are opaque predicates: at IL_004D, IL_00C6 and IL_016F both outcomes push the same state, while the other three (m_515a..., m_14b0..., m_d5da...) decide between continuing and returning. The blocks starting at IL_00B7, IL_015F and IL_0196 are not the target of any branch or switch case and are dead. The leave instructions exit a protected (try) region whose handler clauses are not part of this listing. Stripped of the dispatch, the live path is: R8vqaS9A1kPlVi8V0qKV::A1K9WWnRVDE with 5000 as its Int32 argument, omT8709AQ9J3F9lAjuE8::A1K9WWnRVDE, R8vqaS9A1kPlVi8V0qKV::A1K9WWnRVDE with 1000, q9QWEX9ANXPVD8B0PZoc::A1K9WWnRVDE, V_3 = bqkLTq9AZbNdLtLMlqcs::A1K9WWnRVDE() (a System.Byte[]), then, if V_3 is non-null, umRWoS9AYvLE6IOdNnux::A1K9WWnRVDE(V_3) returning a System.Object, and return. The helper bodies are not in this listing, so what the integer arguments, the byte array and the returned object are is not established here.
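The dispatcher structure above can be unflattened mechanically. The following Python is an added example, not output of the analysis platform: it models the two dispatchers of the Main method as a small control-flow graph keyed by the IL offsets of each switch case (a hand transcription of the listing, with the obfuscated type names shortened to their first four characters and the <Module> field names to the first four hex digits after m_), then computes which blocks are unreachable, which predicates are constant regardless of their field value, and the linear action sequence under a chosen assignment of the remaining predicates.

```python
"""Unflatten the switch-dispatched Main method from the listing above.

BLOCKS is a hand-transcribed model of that listing (labels are IL offsets of
dispatcher cases); it is an added example, not platform output."""
from collections import deque

# label -> (notable actions, edges). An edge is (predicate, wanted_value, target);
# predicate None means unconditional. Predicates are the <Module> int fields
# read before a brtrue/brfalse, plus the null check on V_3 at IL_0118.
BLOCKS = {
    "IL_0000": ([], [(None, None, "IL_002F")]),             # br.s skips call <null>; V_0 = 1
    "IL_002F": (["R8vq::A1K9WWnRVDE(5000)"],
                [("m_edf7", False, "IL_005E"), ("m_edf7", True, "IL_005E")]),
    "IL_005E": (["omT8::A1K9WWnRVDE()"],
                [("m_515a", True, "IL_0127"), ("m_515a", False, "IL_015A")]),
    "IL_0127": (["R8vq::A1K9WWnRVDE(1000)"], [(None, None, "IL_00D6")]),   # state 3
    "IL_00D6": (["q9QW::A1K9WWnRVDE()"], [(None, None, "IL_0140")]),       # state 6
    "IL_0140": (["V_3 = bqkL::A1K9WWnRVDE()"], [(None, None, "IL_0116")]), # V_1 = 4
    "IL_0116": ([], [("V_3", True, "IL_00EA"), ("V_3", False, "IL_00B2")]),
    "IL_00EA": (["umRW::A1K9WWnRVDE(V_3)"],
                [("m_14b0", True, "IL_015A"), ("m_14b0", False, "IL_00EA")]),
    "IL_00B2": ([], [(None, None, "IL_015A")]),              # state 5
    "IL_015A": (["leave"], [(None, None, "IL_005D")]),
    "IL_005D": (["ret"], []),
    # blocks no branch or switch case ever targets:
    "IL_00B7": ([], [("m_426c", True, "IL_00EA"), ("m_426c", False, "IL_00EA")]),
    "IL_015F": ([], [("m_adc6", True, "IL_0191"), ("m_adc6", False, "IL_0191")]),
    "IL_0191": (["leave"], [(None, None, "IL_005D")]),
    "IL_0196": ([], [("m_d5da", False, "IL_002F"), ("m_d5da", True, "IL_005D")]),
}
ENTRY = "IL_0000"


def reachable(entry=ENTRY):
    """Blocks reachable from the entry if every predicate may go either way."""
    seen, todo = set(), deque([entry])
    while todo:
        block = todo.popleft()
        if block in seen:
            continue
        seen.add(block)
        todo.extend(target for _, _, target in BLOCKS[block][1])
    return seen


def dead_blocks():
    return sorted(set(BLOCKS) - reachable())


def constant_predicates():
    """Predicates whose value never changes the successor: true opaque predicates."""
    names = set()
    for _, edges in BLOCKS.values():
        by_pred = {}
        for pred, _, target in edges:
            if pred is not None:
                by_pred.setdefault(pred, set()).add(target)
        names.update(p for p, targets in by_pred.items() if len(targets) == 1)
    return sorted(names)


def trace(env, entry=ENTRY, limit=64):
    """Walk the dispatchers under concrete predicate values.

    Returns (path, actions, terminated); terminated is False when a block
    repeats (a loop) or the step limit is hit before a block with no successor."""
    path, actions, cur = [], [], entry
    while cur is not None and len(path) < limit:
        if cur in path:
            return path, actions, False
        path.append(cur)
        acts, edges = BLOCKS[cur]
        actions.extend(acts)
        targets = {target for _, _, target in edges}
        if not targets:
            return path, actions, True
        if len(targets) == 1:                  # unconditional or opaque: no env needed
            cur = targets.pop()
        else:
            cur = next(t for pred, wanted, t in edges if env[pred] == wanted)
    return path, actions, False


if __name__ == "__main__":
    print("dead:", dead_blocks())
    print("opaque:", constant_predicates())
    print(trace({"m_515a": True, "V_3": True, "m_14b0": True})[1])
```

With m_515a and m_14b0 assumed non-zero and the byte array non-null, the trace yields the eight-step live path; with the byte array null the umRW call is skipped; and with m_14b0 zero the IL_00EA block loops on itself, which the tracer reports instead of spinning. On a real sample the same structure is recovered from the method body with dnlib or a similar reader rather than transcribed by hand.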

Characteristics

No malware configuration was found at this point.